Online Bank Theft Moves to Next Level

Online Bank Theft Moves to Next Level

Article excerpt

McAfee and Guardian Analytics uncovered early .this year a "Highly sophisticated, global financial services fraud campaign" that is believed to have attempted to steal an estimated $78 million to $2 billion. The targeted financial institutions included credit unions, large global banks, and regional banks in the European Union, Latin America, and the United States.

What makes these attacks different is that they don't require live (manual) interventions. "With no human participation required, each attack moves quickly and scales neatly," explains McAfee's Dave Marcus and Guardian Analytics' Ryan Sherstobitoff, authors of the research report "Dissection Operation High Roller."

A bank in Italy was the victim of the first series of attacks. It used Zeus and SpyEye malware to transfer funds to a "Personal mule" or pre-paid credit card, allowing the thief to quickly access and move the funds anonymously. (Zeus and SpyEye are malware that control a computer and its applications. They inject code to alter browser-based forms and collect passwords, logins, and other account information that is then transmitted to the attacker.)

[ILLUSTRATION OMITTED]

The malware code looked for the victim's highest value account, looked at the balance, and transferred either a fixed percentage or a relatively small fixed amount to a prepaid debit card or bank account. …